Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7459

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published

2016-12-29T09:59:00.633

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.7 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-611
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application vmware vcenter_server 5.0 Yes
Application vmware vcenter_server 5.5 Yes
Application vmware vcenter_server 5.5 Yes
Application vmware vcenter_server 5.5 Yes
Application vmware vcenter_server 5.5 Yes
Application vmware vcenter_server 5.5 Yes
Application vmware vcenter_server 6.0 Yes
Application vmware vcenter_server 6.0 Yes
Application vmware vcenter_server 6.0 Yes
Application vmware vcenter_server 6.0 Yes
Application vmware vcenter_server 6.0 Yes
Application vmware vcenter_server 6.0 Yes
Application vmware vcenter_server 6.0 Yes
References